CVE-2016-3536 Details

CVE-2016-3536

Published: 2016-07-21
Last Modified: 2017-09-01
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Analysis
Common Vulnerability Score System v2.0
Severity High
Base Score 7/10
Exploit Score 6.8/10
Access Vector Network
Access Complexity Medium
Authentication Single
Impact Score 7.8/10
Confidentiality Impact Complete
Availability Impact None
Integrity Impact Partial
Vector String AV:N/AC:M/Au:S/C:C/I:P/A:N
Common Vulnerability Score System v3.1
Severity High
Base Score 8.2/10
Exploit Score 2.8/10
Access Vector Network
Access Complexity Low
Privileges Required None
Impact Score 4.7/10
Confidentiality Impact High
Availability Impact None
Integrity Impact Low
Scope Changed
User Interaction Required
Vector String CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:* Yes - -
References

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
http://www.securityfocus.com/bid/91857
http://www.securitytracker.com/id/1036403
https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016

CVE ID
CVE-2016-3536
Published
2016-07-21
Modified
2017-09-01
CVSSv2.0
High
CVSSv3.1
High
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE Pending

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.